Within consumer computer and network applications, there is an inherent lack of interoperability in the form of an open interface to arbitrate file access beyond standard filesystem permissions and related attributes. If a developer desired to deliver information to a process or peripheral securely, there are few readily available options, short of partnering with peripheral or process developers for application program interface (API) options. This is cumbersome to implement and often results in limited access for the user.
Custom filesystems have been developed to implement digital rights management (DRM) processes in a transparent fashion, freeing application developers from the burden of creating and exposing an API for secure content delivery. However, some of these filesystems are designed to require a persistent connection to the Internet; certain system calls (open( ), close( ), read( ), write( )) will “call home” (a verification via connection) to validate file privileges in real time, because they were designed for cellular devices.
One U.S. patent application (US2011/0213971) discloses several generic implementations that require a persistent network connection for cellular devices. However, a network connection is sometimes unavailable when access to the data is a necessity. Furthermore, application US2011/0213971 utilizes access control binding for requests, requiring significant overhead.
Herein, new inventions and new improvements upon prior art are presented with the explicit use of providing secure access to data regardless of network state or connectivity state to the networked access control mechanism. We present improvements to the particulars of the access control mechanism, particularly by adding a secondary offline access control mechanism, presenting multiple implementations for data encapsulation, as well as providing a method for writes to files and to the filesystem itself by externally created applications with no API or modification to their operation.